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Listing of claims : 

1 . (Currently amended) A computer-implemented method for maintaining 

configuration information on a mobile device, comprising: 

receiving a message , wherein the message identifies the source of the message and 
changes to settings of the mobile device; including a r e qu e st assoeiat e d - wtth - confifiuration 
information stored on th e mobilo dovico; 

identifying, by a push router of the mobile device, the source of the received message, 
wherein the push router associates a security role with the received message based on the 
identified source of the received message and inserts an identifier into the received message to 
identify the associated security role: 

passing the message to a configuration manager; 

parsing, bv the configuration manager, the message to identify at least one configuration 
service provider, among a plurality of configuration service providers, responsible for the 
settings identified in the message: 

determining whether the assigned security role of the message, assigned by the push 
router,_is_sufficient to invoke the identified configuration service provider: 

failing the transaction when the assigned security role of the message is not sufficient; 

passing the message to the configuration service provider when the assigned security role 
of the message is sufficient wherein the identified configuration security provider determines 
whether the assigned security role of the message is sufficient for settings associated with the 
configuration service provider: 

failing the transaction when the assigned security role of the message is insufficient for 
the settings: and 

performing the changes to the settings of the mobile device when the configuration 
service provider determines that the security role of the message is sufficient. 

identifying the sour o o of the roofrtv e d - m e ssag e from data associat e d with tho rooci y od 
message; 

associating a s6curity-folo-wkh4ho rocoivod - m e ssag e bas e d on th e identified souroo of tho 
r e c e iv e d - m e ssag e ; 

ins e rting an identifier - into tho r o o oivod mosaago to identify th e associated -s ecurity rol e ; 
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determining - at l oost one configuration setting within the configuration information 
affoctod by th e r e c e iv e d - m e ssag e ; 

eemparing th e- as s ociat e d security role of th e r e c e ived mcssago with a socurity privilege 
asoooiotod with tho ai loast one configuration s e tting on tho mobile d e vic e ; and 

if the associated -s ecurity rolo of the roccived m e ssago is in agreement with th e s e curity 
privil e g e associated with the at loast ono configuration sotting on - tho mobile d e vic e , processing 
tho roqucst - associated -with the - configuration information. 

2. (Cancelled) 

3 . (Previously presented) The computer-implemented method of claim 1 , wherein 
the source of the message is identified from authentication and decryption of the received 
message. 

4. (Currently amended) The computer-implemented method of claim 1 5 wherein the 
information within the message includes a shared key that identifies the source of the message. 

5. (Original) The computer-implemented method of claim 1, wherein determining 
whether the assigned security role of the message, assigned bv the push router, is sufficient to 
invoke the identified configuration service provider farther comprises comparing the assigned 
security role of the message to an assigned security role of the configuration service provider. 
processing th e r e que s t associated with the configuration information furth e r compris e s 
comparing th o so ourity rolo with another s e curity privil e g e associat e d with a configuration 
sorvioo provid e r, th e configuration s orvioo provider being responsibl e for managing th e 
configuration information stor e d on tho mobile dovice. 

6-7. (Cancelled) 

8. (Currently amended) A computer-readable medium having computer-executable 

components for managing security on a mobile device, comprising: 

a stored setting having an assigned security role that identifies a privilege that an entity 
attempting to access the stored setting must satisfy in order to access the stored setting; 
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a router configured to receive a configuration message over a wireless communication 
link, the router being further configured to identify a source of the configuration message and 
insert a security role identifier into the received configuration message based on the identified 
source, the router being further configured to pass the configuration message to other 
components of the mobile device, the configuration message including an instruction that affects 
a configuration setting; aad 

a configuration manager configured to receive the configuration message from the router 
and to parse the configuration message to identify a configuration service provider responsible 
for the instruction, wherein the configuration manager passes the co nfiguration message to the 
configuration service provider when the assigned security role of th e configuration message 
provides a privilege to access the configuration service provider; and tho configuration GQtting 
affected by the configuration messag e , th e configuration managor being furth e r configured to 
compare tho assigned soourity rol e of tho configuration message to security rol e s assigned to 
configuration s e ttings ctored on th e mobile devic e , 

wheroin if tho configuration sotting identifi e d - in the configuration mossago identifies th e 
stored sotting, and whoroin if the assign e d soourity rolo has suffici e nt privil o go t o noocss th e 
stored setting, th e configuration manag e r Gam es- die instruction that - a - Efooto tho configuration 
sotting to b e proc e ss e d ? 

tii ft mnfi juration service provider being configured to receive the configuration message 
from the_configuration manager, determine whether the assigned security role of the 
configuration message has sufficient privilege to access the stored settings, and execute the 
instructions when the configuration service provider determines that the assign ed security role 
has sufficient privilege to access the stored setting. 

9. (Currently amended) The computer-readable medium of claim 8, furth e r 
comprising a wherein the configuration service provider isconfigured to manage at least one 
configuration setting stored on the mobile device, and wherein the processing of the instruction 
is performed by the configuration service provider, 

10. (Original) The computer-readable medium of claim 9, wherein the configuration 
service provider has an assigned security role that identifies a privilege that must be associated 
with an instruction that affects a configuration setting which the configuration service provider 
maintains. 

1 1 . (Original) The computer-readable medium of claim 1 0, wherein the configuration 
manager is further configured to determine if the instruction that affects the configuration setting 
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is in agreement with the security role assigned to the configuration service provider that 
maintains the affected configuration setting, and if so, the configuration manager is further 
configured to pass the instruction to the configuration service provider to be handled. 

1 2. (Original) The computer-readable medium of claim 1 1 , wherein the configuration 
service provider determines if the instruction is in agreement with the security role assigned to 
the stored setting prior to processing the instruction, and if not, terminating the processing of the 
instruction. 



1 3 . (Currently amended) A computer-readable medium having computer-executable 

instructions for maintaining configuration information on a mobile device, comprising: 

receiving a configuration message, wherein the configuration message includes a header 
field that identifies a source and an instruction field that identifies a configuration setting on the 
mobile device; 

identifying, by a push router of the mobile device, the source of the received 
configuration message from the header field, wherein the push router inserts a security role 
identifier into a security role field of the received configuration messaged, wherein the security 
role is based on the identified source of the received configuration message: 

passing the configuration message to a configuration manager: 

parsing, bv the configuration manager, the configuration message to identify at least one 
configuration service provider, among a plurality of configuration service providers, responsible 
for the setting identified in the configuration message: 

determining whether the inserted security role identifier of the configuration message, 
assigned bv the push router, is sufficient to invoke the identified configuration service provider: 

failing the transaction when the inserted security role identifier of the configuration 
message is not sufficient; 

•passing the message to the confi guration service provider when the inserted security role 
identifier of the configuration message is sufficient wherein the identified configuration security 
provider determines whether the inserted security role identifier of the configuration message is 
sufficient for the setting associated with the configurationservice provider: 

failing the transaction when the inserted security role identifier of the configuration 
message is insufficient for the setting: and 
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performing the changes to the setting of the mobile device when the configuration service 
provider determines that the inserted security role identifier of the configuration message is 
sufficient. 

receiving a configuration messag e including a header and an instruction acpoeifttcd with a 
configuration s e tting stored on th e mobil e d e v i e e? 

identifying tho source of th e r e coivod moasago from th e h e ad e r of th e r e c e iv e d 
configuration m e s sage? 

associating n a s oourity rol e with th o instruction based on the sourc e of th e r e c e iv e d 
m e ssag e , whorQin the associat e d s e curity rolo is - associat e d to tho instruction by atag - inoludod in 
tho message; 

comparing the security rolo of tho i nstruction with a s e curity rol e associated with tho 
configuration setting stor e d on tho mobilo dovice; and 

if tho Qocurity rol e of th e in$traction 4 fl4n agreement with th e s e curity rol e of th e 
configuration s e tting, proc e ssing tho instruction. 

14. (Cancelled) 

1 5 . (Previously presented) The computer-readable medium of claim 13, wherein the 
source of the message is identified from authentication and decryption of the received message. 

16. (Previously presented) The computer-readable medium of claim 13, wherein &e 
information within the configuration message includes a shared key that identifies the source of 
the configuration message. 

17. (Currently amended) The computer-readable medium of claim 13, wherein 
determining whether the inserted security role identifier of the configuration message, assigned 
by the push rout er., is suffi cient to invoke the identified configuration service provider further 
comprises comparing the inserted security role identifier of the configuration message to an 
assigned security role of the configuration service provider, wherein processing tho instruction 
compris e s comparing - th e- s e curity - rolo of tho instraetioiw i fc - another s e curity rol e associat e d 
w ith-a ooafigug ation - sorvdoo - providor, the configuration scrvico^rovidor - boing rosponsiblo for 
queri e s of and changos to tho configuration sotting. 
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18-28 (Cancelled) 
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